Esempio n. 1
0
        /**
        * Implements section 6.3 of the OAuth spec.
        * @throws OAuthProtocolException
        */
        private void exchangeRequestToken()
        {
            if (accessorInfo.getAccessor().accessToken != null)
            {
                // session extension per
                // http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
                accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
                accessorInfo.getAccessor().accessToken = null;
            }
            OAuthAccessor accessor = accessorInfo.getAccessor();
            Uri accessTokenUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
            sRequest request = new sRequest(accessTokenUri);
            request.setMethod(accessorInfo.getHttpMethod().ToString());
            if (accessorInfo.getHttpMethod() == AccessorInfo.HttpMethod.POST) 
            {
                request.setContentType(OAuth.FORM_ENCODED);
            }

            List<OAuth.Parameter> msgParams = new List<OAuth.Parameter>
                                                  {new OAuth.Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken)};
            if (accessorInfo.getSessionHandle() != null) 
            {
                msgParams.Add(new OAuth.Parameter(OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
            }

            sRequest signed = sanitizeAndSign(request, msgParams);

            OAuthMessage reply = sendOAuthMessage(signed);

            accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
            accessor.TokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
            accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAUTH_SESSION_HANDLE));
            accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
            if (OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN) != null) 
            {
                try 
                {
                    int expireSecs = int.Parse(OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN));
                    long expireMillis = DateTime.UtcNow.AddSeconds(expireSecs).Ticks;
                    accessorInfo.setTokenExpireMillis(expireMillis);
                } 
                catch (FormatException)
                {
                    // Hrm.  Bogus server.  We can safely ignore this, we'll just wait for the server to
                    // tell us when the access token has expired.
                    responseParams.logDetailedWarning("server returned bogus expiration");
                }
            }

            // Clients may want to retrieve extra information returned with the access token.  Several
            // OAuth service providers (e.g. Yahoo, NetFlix) return a user id along with the access
            // token, and the user id is required to use their APIs.  Clients signal that they need this
            // extra data by sending a fetch request for the access token URL.
            //
            // We don't return oauth* parameters from the response, because we know how to handle those
            // ourselves and some of them (such as oauthToken_secret) aren't supposed to be sent to the
            // client.
            //
            // Note that this data is not stored server-side.  Clients need to cache these user-ids or
            // other data themselves, probably in user prefs, if they expect to need the data in the
            // future.
            if (accessTokenUri.Equals(realRequest.getUri())) 
            {
                accessTokenData = new Dictionary<string, string>();
                foreach(var param in OAuthUtil.getParameters(reply))
                {
                    if (!param.Key.StartsWith("oauth")) 
                    {
                        accessTokenData.Add(param.Key, param.Value);
                    } 
                }
            }
        }
Esempio n. 2
0
        /**
        * Creates a proxy request by fetching pipelined data and adding it to an existing request.
        *
        */
        private sRequest createPipelinedProxyRequest(Gadget gadget, sRequest original) 
        {
            sRequest request = new sRequest(original);
            request.setIgnoreCache(true);
            GadgetSpec spec = gadget.getSpec();
            GadgetContext context = gadget.getContext();
            IPreloads proxyPreloads = preloader.preload(context, spec,
                                PreloaderService.PreloadPhase.PROXY_FETCH);
            // TODO: Add current url to GadgetContext to support transitive proxying.

            // POST any preloaded content
            if ((proxyPreloads != null) && proxyPreloads.getData().Count != 0) 
            {
                JsonArray array = new JsonArray();

                foreach(PreloadedData preload in proxyPreloads.getData()) 
                {
                    Dictionary<String, Object> dataMap = preload.toJson();
                    foreach(var entry in dataMap) 
                    {
                        // TODO: the existing, supported content is JSONObjects that contain the
                        // key already.  Discarding the key is odd.
                        array.Put(entry.Value);
                    }
                }

                String postContent = array.ToString();
                // POST the preloaded content, with a method override of GET
                // to enable caching
                request.setMethod("POST")
                  .setPostBody(Encoding.UTF8.GetBytes(postContent))
                  .setHeader("Content-Type", "text/json;charset=utf-8");
            }
            return request;
        }
Esempio n. 3
0
        private void fetchRequestToken()
        {
            OAuthAccessor accessor = accessorInfo.getAccessor();
            sRequest request = new sRequest(Uri.parse(accessor.consumer.serviceProvider.requestTokenURL));
            request.setMethod(accessorInfo.getHttpMethod().ToString());
            if (accessorInfo.getHttpMethod().CompareTo(AccessorInfo.HttpMethod.POST) == 0)
            {
                request.setContentType(OAuth.FORM_ENCODED);
            }

            sRequest signed = sanitizeAndSign(request, null);

            OAuthMessage reply = sendOAuthMessage(signed);

            accessor.requestToken = reply.getParameter(OAuth.OAUTH_TOKEN);
            accessor.TokenSecret = reply.getParameter(OAuth.OAUTH_TOKEN_SECRET);
        }